[GH-ISSUE #649] 👥 Add contributor: phatblat #426

New issue

Closed

opened 2026-03-03 16:48:34 +03:00 by kerem · 14 comments

kerem commented 2026-03-03 16:48:34 +03:00

Owner

Copy link

Originally created by @phatblat on GitHub (Apr 27, 2021).
Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/649

Greetings! My team has started using this fabulous library in our inner-source auth library which will be used in 6 (and probably more) of our company's public iOS apps. We are using PingFederate as our OAuth server.

I have noticed that there are two new GitHub releases (2.1.1 & 2.1.2) that have been tagged but not yet released to CocoaPods trunk. Version 2.1.0 is the latest that shows up on CocoaPods.

-> OAuthSwift (2.1.0)
   Swift based OAuth library for iOS and macOS.
   pod 'OAuthSwift', '~> 2.1.0'
   - Homepage: https://github.com/OAuthSwift/OAuthSwift
   - Source:   https://github.com/OAuthSwift/OAuthSwift.git
   - Versions: 2.1.0, 2.0.0, 1.4.1, 1.4.0, 1.3.0, 1.2.2, 1.2.0, 1.1.2, 1.1.1, 1.1.0, 1.0.0, 0.6.0, 0.5.2, 0.5.1, 0.5.0, 0.4.8, 0.4.6, 0.4.5, 0.4.4, 0.4.3,
   0.3.7, 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.1, 0.2.0, 0.1.9, 0.1.2, 0.1.1, 0.1.0 [cocoapods repo]

I would like to help out with publishing these and future releases to CocoaPods. I just need @phimage or @dongri to run the following command to add me as an owner of this pod.

pod trunk add-owner OAuthSwift ben@octop.ad

Note that all CocoaPods trunk session keys have been wiped due to a recent trunk vulnerability, so you'll probably need to authenticate again with pod trunk register.

I have lots of experience publishing libraries to CocoaPods trunk and also publish our own 20+ internal iOS libraries to a private repo.

↪ pod trunk me
  - Name:     Ben Chatelain
  - Email:    ben@octop.ad
  - Since:    August 31st, 2015 19:47
  - Pods:
    - ObjectiveGit
    - libgit2
    - Nimble
    - Fetchable
    - BlueDot
    - Quick
    - RBQFetchedResultsController
    - ABFRealmMapView
    - RBQSafeRealmObject
    - SafeRealmObject
    - SwiftFetchedResultsController
    - RealmMapView
    - Outlets
    - Commandant

I can also help out with issue triage and PR review if you would be open to adding me as a contributor on this repo.

Originally created by @phatblat on GitHub (Apr 27, 2021). Original GitHub issue: https://github.com/OAuthSwift/OAuthSwift/issues/649 Greetings! My team has started using this fabulous library in our inner-source auth library which will be used in 6 (and probably more) of our company's public iOS apps. We are using PingFederate as our OAuth server. I have noticed that there are two new GitHub releases (2.1.1 & 2.1.2) that have been tagged but not yet released to CocoaPods trunk. Version 2.1.0 is the latest that shows up on CocoaPods. ``` -> OAuthSwift (2.1.0) Swift based OAuth library for iOS and macOS. pod 'OAuthSwift', '~> 2.1.0' - Homepage: https://github.com/OAuthSwift/OAuthSwift - Source: https://github.com/OAuthSwift/OAuthSwift.git - Versions: 2.1.0, 2.0.0, 1.4.1, 1.4.0, 1.3.0, 1.2.2, 1.2.0, 1.1.2, 1.1.1, 1.1.0, 1.0.0, 0.6.0, 0.5.2, 0.5.1, 0.5.0, 0.4.8, 0.4.6, 0.4.5, 0.4.4, 0.4.3, 0.3.7, 0.3.6, 0.3.5, 0.3.4, 0.3.3, 0.3.2, 0.3.1, 0.3.0, 0.2.1, 0.2.0, 0.1.9, 0.1.2, 0.1.1, 0.1.0 [cocoapods repo] ``` I would like to help out with publishing these and future releases to CocoaPods. I just need @phimage or @dongri to run the following command to add me as an owner of this pod. ``` pod trunk add-owner OAuthSwift ben@octop.ad ``` Note that all CocoaPods trunk session keys have been wiped due to a recent [trunk vulnerability](https://blog.cocoapods.org/CocoaPods-Trunk-RCE/), so you'll probably need to authenticate again with `pod trunk register`. I have lots of experience publishing libraries to CocoaPods trunk and also publish our own 20+ internal iOS libraries to a private repo. ``` ↪ pod trunk me - Name: Ben Chatelain - Email: ben@octop.ad - Since: August 31st, 2015 19:47 - Pods: - ObjectiveGit - libgit2 - Nimble - Fetchable - BlueDot - Quick - RBQFetchedResultsController - ABFRealmMapView - RBQSafeRealmObject - SafeRealmObject - SwiftFetchedResultsController - RealmMapView - Outlets - Commandant ``` I can also help out with issue triage and PR review if you would be open to adding me as a contributor on this repo.

kerem closed this issue 2026-03-03 16:48:34 +03:00

kerem commented 2026-03-03 16:48:35 +03:00

Author

Owner

Copy link

@phimage commented on GitHub (Apr 28, 2021):

Hi,

I have made cocoapod push (without any test, I do not like that 😭)
(change target tvos to 13 to make it pass)

I do not use anymore cocoapod so sorry for the late...

Only @dongri could add you on github or cocoapod
I agree with that

<!-- gh-comment-id:828268504 --> @phimage commented on GitHub (Apr 28, 2021): Hi, I have made cocoapod push (without any test, I do not like that 😭) (change target tvos to 13 to make it pass) I do not use anymore cocoapod so sorry for the late... Only @dongri could add you on github or cocoapod I agree with that

kerem commented 2026-03-03 16:48:35 +03:00

Author

Owner

Copy link

@dongri commented on GitHub (Apr 28, 2021):

@phimage Thank you for your support!

@phatblat Hi, Ben
I have added you to cocoapod.
I've also added it to this repository

<!-- gh-comment-id:828423723 --> @dongri commented on GitHub (Apr 28, 2021): @phimage Thank you for your support! @phatblat Hi, Ben I have added you to cocoapod. I've also added it to this repository

kerem commented 2026-03-03 16:48:35 +03:00

Author

Owner

Copy link

@mesopelagique commented on GitHub (Apr 28, 2021):

(posted with bad account: I am phimage)

for the 2.1.3 or 2.2.0

I have lost all my data, and so my test file with all my oauth service provider tokens , so without testing I am not confident

I try to figure the change log and see If no regression
https://github.com/OAuthSwift/OAuthSwift/compare/2.1.2...master

Checked

• add log system #586 by svoip (fixed compil issue #612)
• readme cleaning
• reddit example #641 by mrnguuyen
• Mac Catalyst compile issue #605
• #599 cancel login on some callbackurl handler
  (
  #602 fix warning
  )

to check

• #623 signature plaintext ; TODO look at the RFC and check
• #596, ... change of refresh token ; execute the code one time, see it work (maybe compare with all code because code moved to client)
• ...

<!-- gh-comment-id:828761986 --> @mesopelagique commented on GitHub (Apr 28, 2021): (posted with bad account: I am phimage) for the 2.1.3 or 2.2.0 I have lost all my data, and so my test file with all my oauth service provider tokens , so without testing I am not confident I try to figure the change log and see If no regression https://github.com/OAuthSwift/OAuthSwift/compare/2.1.2...master Checked - add log system #586 by svoip (fixed compil issue #612) - readme cleaning - reddit example #641 by mrnguuyen - Mac Catalyst compile issue #605 - #599 cancel login on some callbackurl handler ( #602 fix warning ) to check - #623 signature plaintext ; TODO look at the RFC and check - #596, ... change of refresh token ; execute the code one time, see it work (maybe compare with all code because code moved to client) - ...

kerem commented 2026-03-03 16:48:35 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (Apr 29, 2021):

Thanks! I look forward to working with you both and the users of this fabulous library!

I'm going to create a couple of issues to track the release of 2.1.1 and 2.1.2 to CocoaPods mostly as a place to note any hiccups or things I learn in the process. Meanwhile, I'll start reviewing the recent history to figure out whether the next release should be a patch or minor release.

I did notice that the public API was changed in 2.1.1 when ASWebAuthenticationURLHandler had the prefersEphemeralWebBrowserSession parameter added to the constructor. Technically, this is actually a breaking change since there is no default for the value, but would be a minor version if a default value were added so that the parameter didn't need to be added everywhere that ASWebAuthenticationURLHandler is constructed.

<!-- gh-comment-id:828916734 --> @phatblat commented on GitHub (Apr 29, 2021): Thanks! I look forward to working with you both and the users of this fabulous library! I'm going to create a couple of issues to track the release of 2.1.1 and 2.1.2 to CocoaPods mostly as a place to note any hiccups or things I learn in the process. Meanwhile, I'll start reviewing the recent history to figure out whether the next release should be a patch or minor release. I did notice that the public API was changed in 2.1.1 when `ASWebAuthenticationURLHandler` had the [`prefersEphemeralWebBrowserSession`](https://github.com/OAuthSwift/OAuthSwift/commit/3ae1a5d3335e0de90f22080e8637a2e600abd117#diff-422dc9b607338e5bda78df1aba80b93de81e6fae851adaf203f7cd304ff2e834) parameter added to the constructor. Technically, this is actually a breaking change since there is no default for the value, but would be a minor version if a default value were added so that the parameter didn't need to be added everywhere that `ASWebAuthenticationURLHandler` is constructed.

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (Apr 29, 2021):

Nevermind. Looks like 2.1.1 and 2.1.2 are live now on CocoaPods.

<!-- gh-comment-id:828917720 --> @phatblat commented on GitHub (Apr 29, 2021): Nevermind. Looks like 2.1.1 and 2.1.2 are live now on CocoaPods.

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phimage commented on GitHub (Apr 29, 2021):

I didn't care enough if semantic version rules has been broken

<!-- gh-comment-id:828982216 --> @phimage commented on GitHub (Apr 29, 2021): I didn't care enough if semantic version rules has been broken

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (Apr 30, 2021):

I was wrong. There was a default value added in a subsequent commit. So, this was not a breaking API change in 2.1.1.

<!-- gh-comment-id:830319420 --> @phatblat commented on GitHub (Apr 30, 2021): I was wrong. There was a default value added in a subsequent commit. So, this was not a breaking API change in 2.1.1.

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (Apr 30, 2021):

It doesn't look like I have any permissions on this repo yet. I can't add labels or merge PRs. I wanted to merge #285 before releasing #620 since that's a good change, but I don't have permission.

<!-- gh-comment-id:830327351 --> @phatblat commented on GitHub (Apr 30, 2021): It doesn't look like I have any permissions on this repo yet. I can't add labels or merge PRs. I wanted to merge #285 before releasing #620 since that's a good change, but I don't have permission.

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@mesopelagique commented on GitHub (Apr 30, 2021):

phimage: unfortunately I cannot do anything 😝 ( @dongri ? maybe the role)
, except that I could merge or the moment
#625 I suppose

before releasing something I want to check the #623 that I merge without really checking the code and result

<!-- gh-comment-id:830341487 --> @mesopelagique commented on GitHub (Apr 30, 2021): phimage: unfortunately I cannot do anything 😝 ( @dongri ? maybe the role) , except that I could merge or the moment #625 I suppose before releasing something I want to check the #623 that I merge without really checking the code and result

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (May 5, 2021):

I'm a collaborator now that I found the invite that @dongri send me 😳

<!-- gh-comment-id:832375071 --> @phatblat commented on GitHub (May 5, 2021): I'm a collaborator now that I found the invite that @dongri send me 😳

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (May 18, 2021):

Regarding #623, RFC-5849 section 3.4.4: PLAINTEXT

   The "PLAINTEXT" method does not employ a signature algorithm.  It
   MUST be used with a transport-layer mechanism such as TLS or SSL (or
   sent over a secure channel with equivalent protections).  It does not
   utilize the signature base string or the "oauth_timestamp" and
   "oauth_nonce" parameters.

   The "oauth_signature" protocol parameter is set to the concatenated
   value of:

   1.  The client shared-secret, after being encoded (Section 3.6).

   2.  An "&" character (ASCII code 38), which MUST be included even
       when either secret is empty.

   3.  The token shared-secret, after being encoded (Section 3.6).

The spec lines up with the implementation:

"\(consumerSecret)&\(oauthTokenSecret)"

However, the values used are not the urlEncoded values and thus could cause issues if one of those values contained unsupported characters.

<!-- gh-comment-id:842734690 --> @phatblat commented on GitHub (May 18, 2021): Regarding #623, RFC-5849 section [3.4.4](https://datatracker.ietf.org/doc/html/rfc5849#section-3.4.4): PLAINTEXT ``` The "PLAINTEXT" method does not employ a signature algorithm. It MUST be used with a transport-layer mechanism such as TLS or SSL (or sent over a secure channel with equivalent protections). It does not utilize the signature base string or the "oauth_timestamp" and "oauth_nonce" parameters. The "oauth_signature" protocol parameter is set to the concatenated value of: 1. The client shared-secret, after being encoded (Section 3.6). 2. An "&" character (ASCII code 38), which MUST be included even when either secret is empty. 3. The token shared-secret, after being encoded (Section 3.6). ``` The spec lines up with the implementation: ```swift "\(consumerSecret)&\(oauthTokenSecret)" ``` However, the values used are *not* the `urlEncoded` values and thus could cause issues if one of those values contained unsupported characters.

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phimage commented on GitHub (May 18, 2021):

thanks
So it's better than nothing

we could release or make fix with using maybe one of functions in github.com/OAuthSwift/OAuthSwift@2384f60031/Sources/String+OAuthSwift.swift

<!-- gh-comment-id:842847296 --> @phimage commented on GitHub (May 18, 2021): thanks So it's better than nothing we could release or make fix with using maybe one of functions in https://github.com/OAuthSwift/OAuthSwift/blob/2384f60031ac824826fc367e6ed963b2c3eae797/Sources/String%2BOAuthSwift.swift

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phatblat commented on GitHub (May 18, 2021):

Proposed a fix in #657

<!-- gh-comment-id:842925582 --> @phatblat commented on GitHub (May 18, 2021): Proposed a fix in #657

kerem commented 2026-03-03 16:48:36 +03:00

Author

Owner

Copy link

@phimage commented on GitHub (May 18, 2021):

merged thanks

<!-- gh-comment-id:842937879 --> @phimage commented on GitHub (May 18, 2021): merged thanks

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

ci/action/danger

ci/action/release-drafter

pkce

ci/action/tvos

ci/travis

2.1.0

2.0.0

fix/fitbiterror

swift3

digu-demo

swift3.0objc

swift2.2

swift2.3

swift2.0

2.2.0

2.1.2

2.1.1

2.1.0

2.0.1

2.0.0

1.4.1

1.4.0

1.3.0

1.2.2

1.2.1

1.2.0

1.1.2

1.1.1

1.1.0

1.0.0

0.6.0

0.5.2

v0.5.2

0.5.1

0.5.0

0.4.8

0.4.6

v0.4.6

0.4.5

v0.4.5

0.4.4

v0.4.4

0.4.3

0.4.2

0.4.1

v0.4.1

0.4.0

v0.4.0

Swift1.x

0.3.7

v0.3.7

0.3.6

v0.3.6

0.3.5

v0.3.5

0.3.4

v0.3.4

0.3.3

v0.3.3

v0.3.2

0.3.2

0.3.1

v0.3.1

0.3.0

v0.3.0

0.2.1

0.2.0

v0.2.0

0.1.9

0.1.8

0.1.7

v0.1.7

v0.1.6

Labels

Clear labels   

bug

  

cocoapod

  

duplicate

  

enhancement

  

feature-request

  

help wanted

  

help wanted

  

invalid

  

pull-request

Mirrored from GitHub Pull Request

  

question

  

wontfix

No labels

bug

cocoapod

duplicate

enhancement

feature-request

help wanted

help wanted

invalid

pull-request

question

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/OAuthSwift#426

No description provided.